CVE-2024-12253
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/12/2024
Last modified:
07/12/2024
Description
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM